Lucene search
K

102 matches found

WPVulnDB
WPVulnDB
added 2016/02/23 12:0 a.m.15 views

All In One WP Security And Firewall < 4.0.6 - XSS

The All In One WP Security & Firewall WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.8AI score0.00924EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2015/09/30 12:0 a.m.26 views

Wordpress Better-wp-security Plugin Remote Code Execution Vulnerability

Exploit for php platform in category web applications +++++++++++++++++++++ | + Exploit Title: Wordpress Better-wp-security Plugin Remote Code Execution | + Exploit Author: Tonel Team | + Vendor Homepage : https://wordpress.org/plugins/better-wp-security/ | + Download Link :...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.10 views

WordPress Better WP Security Plugin <= 3.4.3 - Multiple XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

1.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.12 views

WordPress Better WP Security Plugin <= 3.5.5 - Stored XSS

This plugin is prone to inc/admin/content.php idspecialfile parameter stored cross site scripting vulnerability. Solution Update the plugin...

1.7AI score
Exploits0Affected Software1
CNVD
CNVD
added 2015/04/14 12:0 a.m.5 views

WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-404.php SQL Injection Vulnerability

WordPress is a set of blogging platform developed in PHP language by WordPress Software Foundation, which supports setting up personal blog sites on servers with PHP and MySQL.All In One WP Security & Firewall Plugin for WordPress is a Wordpress Security Plugin. All In One WP Security & Firewall...

7.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/04/07 12:0 a.m.25 views

WordPress All In One WP Security And Firewall 3.9.0 SQL Injection

Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ Software Link :...

0.1AI score
Exploits0
NVD
NVD
added 2015/03/07 2:59 a.m.16 views

CVE-2015-0895

Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...

6.8CVSS7.1AI score0.01076EPSS
Exploits0References3
NVD
NVD
added 2015/03/07 2:59 a.m.16 views

CVE-2015-0894

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

6CVSS8.4AI score0.01539EPSS
Exploits0References3
Prion
Prion
added 2015/03/07 2:59 a.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...

6.8CVSS7.6AI score0.01076EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/03/07 2:59 a.m.17 views

Sql injection

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

6CVSS9.1AI score0.01539EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/03/07 2:0 a.m.43 views

CVE-2015-0895

All In One WP Security & Firewall for WordPress (versions before 3.9.0) is affected by a CSRF vulnerability that can allow an attacker, while a logged-in admin exists, to hijack the administrator’s authentication to delete 404 logs via forged requests. Root cause is CSRF in the plugin; impact inc...

6.8CVSS7.3AI score0.01076EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/03/07 2:0 a.m.51 views

CVE-2015-0894

CVE-2015-0894 affects the WordPress plugin All In One WP Security & Firewall and its versions prior to 3.8.8. The vulnerability is described as a SQL injection (CWE-89) that could allow a remote attacker to execute arbitrary SQL commands via unspecified vectors, potentially impacting data confide...

6CVSS8.7AI score0.01539EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/03/07 2:0 a.m.27 views

CVE-2015-0895

Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...

7.1AI score0.01076EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2015/03/06 12:0 a.m.18 views

All In One WP Security & Firewall <= 3.8.9 - CSRF

According to the original advisory, "If a user views a malicious page while logged in, access logs 404 events maintained by the product may be deleted."...

6.8CVSS2.6AI score0.01076EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2014/10/02 2:55 p.m.57 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

6.5CVSS8.2AI score0.04155EPSS
Exploits6References7
Prion
Prion
added 2014/10/02 2:55 p.m.22 views

Sql injection

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

6.5CVSS8.8AI score0.04155EPSS
Exploits6References7Affected Software1
Cvelist
Cvelist
added 2014/10/02 2:0 p.m.58 views

CVE-2014-6242

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 orderby or 2 order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using...

8.2AI score0.04155EPSS
Exploits6References7
CVE
CVE
added 2014/10/02 2:0 p.m.61 views

CVE-2014-6242

All In One WP Security & Firewall (WordPress) has SQL injection vulnerabilities fixed in version 3.8.3 and earlier analyzed in CVE-2014-6242. HTB reports two SQLi flaws affecting all versions before 3.8.3, exploitable via the orderby and order parameters to wp-admin/admin.php (aiowpsec page). Exp...

6.5CVSS8.3AI score0.04155EPSS
Exploits6References7Affected Software1
WPVulnDB
WPVulnDB
added 2014/09/26 8:53 p.m.22 views

All In One WP Security plugin 3.8.2 - 2xSQL Injections

The All In One WP Security & Firewall WordPress plugin was affected by a 2xSQL Injections security vulnerability...

6.5CVSS2.2AI score0.04155EPSS
Exploits6References2Affected Software1
exploitpack
exploitpack
added 2014/09/25 12:0 a.m.51 views

WordPress Plugin All In One WP Security 3.8.2 - SQL Injection

WordPress Plugin All In One WP Security 3.8.2 - SQL Injection Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without...

6.5CVSS7.5AI score0.04155EPSS
Exploits6
Rows per page
Query Builder